40420865e275a689bbc4411bd94e5f9d7c883f89f61748fe9151079f2ebaf49a | Triage

Submit
Reports

Overview

overview

Static

static

8

40420865e2...9a.exe

windows7-x64

40420865e2...9a.exe

windows10-2004-x64

Sharing

General

Target

40420865e275a689bbc4411bd94e5f9d7c883f89f61748fe9151079f2ebaf49a
Size

606KB
Sample

221004-f23zkadgb6
MD5

5c555c3adde06e86dea7545c785ba6f5
SHA1

7b56f9442151f9381db30b489fd1439855873140
SHA256

40420865e275a689bbc4411bd94e5f9d7c883f89f61748fe9151079f2ebaf49a
SHA512

b1e7eb577bef23341ce20b288db447e7d6017210685f384011033c04e1d62e4457a2f00845491a37b70c86e5aa6a8a3a55826d61a1ebd83428f8190373706b64
SSDEEP

6144:GWZfec9EbXDk6RkQKVrG1VVE+IsrG1VVE+I5E2EeRQJ/od/UOPSe570Szp3y:3ZWtI6RkruPuVws/o2OB0H

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

40420865e275a689bbc4411bd94e5f9d7c883f89f61748fe9151079f2ebaf49a.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

40420865e275a689bbc4411bd94e5f9d7c883f89f61748fe9151079f2ebaf49a.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  40420865e275a689bbc4411bd94e5f9d7c883f89f61748fe9151079f2ebaf49a
- Size
  
  606KB
- MD5
  
  5c555c3adde06e86dea7545c785ba6f5
- SHA1
  
  7b56f9442151f9381db30b489fd1439855873140
- SHA256
  
  40420865e275a689bbc4411bd94e5f9d7c883f89f61748fe9151079f2ebaf49a
- SHA512
  
  b1e7eb577bef23341ce20b288db447e7d6017210685f384011033c04e1d62e4457a2f00845491a37b70c86e5aa6a8a3a55826d61a1ebd83428f8190373706b64
- SSDEEP
  
  6144:GWZfec9EbXDk6RkQKVrG1VVE+IsrG1VVE+I5E2EeRQJ/od/UOPSe570Szp3y:3ZWtI6RkruPuVws/o2OB0H
Score

10^/10

evasion persistence upx
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy